Page 14 of 129 results (0.013 seconds)

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

CVE-2016-3727 – jenkins: Granting the permission to read node configurations allows access to overall system configuration (SECURITY-281)

https://notcve.org/view.php?id=CVE-2016-3727

The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors. La URL API computer/(master)/api/xml en Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 permite a usuarios remotos autenticados con permiso avanzado de lectura para el nodo maestro obtener información sensible sobre la configuración global a través de vectores no especificados. • http://rhn.redhat.com/errata/RHSA-2016-1773.html https://access.redhat.com/errata/RHSA-2016:1206 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11 https://www.cloudbees.com/jenkins-security-advisory-2016-05-11 https://access.redhat.com/security/cve/CVE-2016-3727 https://bugzilla.redhat.com/show_bug.cgi?id=1335422 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0

CVE-2016-3723 – jenkins: Information on installed plugins exposed via API (SECURITY-250)

https://notcve.org/view.php?id=CVE-2016-3723

Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints. Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 permite a usuarios remotos autenticados con acceso a lectura obtener información sensible de instalación de plugin aprovechando la falta de comprobaciones de permisos en dispositivos XML/JSON API no especificados. • http://rhn.redhat.com/errata/RHSA-2016-1773.html https://access.redhat.com/errata/RHSA-2016:1206 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11 https://www.cloudbees.com/jenkins-security-advisory-2016-05-11 https://access.redhat.com/security/cve/CVE-2016-3723 https://bugzilla.redhat.com/show_bug.cgi?id=1335417 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2016-3721 – jenkins: Arbitrary build parameters are passed to build scripts as environment variables (SECURITY-170)

https://notcve.org/view.php?id=CVE-2016-3721

Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables. Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 podría permitir a usuarios remotos autenticados inyectar parámetros de construcción arbitrarios en el entorno de construcción a través de variables del entorno. • http://rhn.redhat.com/errata/RHSA-2016-1773.html http://www.openwall.com/lists/oss-security/2024/05/02/3 https://access.redhat.com/errata/RHSA-2016:1206 https://wiki.jenkins-ci.org/display/JENKINS/Plugins+affected+by+fix+for+SECURITY-170 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11 https://www.cloudbees.com/jenkins-security-advisory-2016-05-11 https://access.redhat.com/security/cve/CVE-2016-3721 https://bugzilla.redhat.com/show_bug.cgi • CWE-17: DEPRECATED: Code •

CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0

CVE-2016-2160 – Privilege escalation when changing root password in sti builder image

https://notcve.org/view.php?id=CVE-2016-2160

Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image. Red Hat OpenShift Enterprise 3.2 y OpenShift Origin permiten a usuarios remotos autenticados ejecutar comandos con privilegios de root cambiando la contraseña de root en una imagen builder sti. A flaw was found in the building of containers within OpenShift Enterprise. An attacker could submit an image for building that executes commands within the container as root, allowing them to potentially escalate privileges. • https://access.redhat.com/errata/RHSA-2016:1064 https://bugzilla.redhat.com/show_bug.cgi?id=1316127 https://github.com/openshift/origin/pull/7864 https://access.redhat.com/security/cve/CVE-2016-2160 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2016-3711 – haproxy: Setting cookie containing internal IP address of a pod

https://notcve.org/view.php?id=CVE-2016-3711

HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie. HAproxy en Red Hat OpenShift Enterprise 3.2 y OpenShift Origin permite a usuarios locales obtener la dirección IP interna de un pod leyendo la cookie "OPENSHIFT_[namespace]_SERVERID". An information disclosure flaw was discovered in haproxy as used by OpenShift Enterprise; a cookie with the name "OPENSHIFT_[namespace]_SERVERID" was set, which contained the internal IP address of a pod. • https://access.redhat.com/errata/RHSA-2016:1064 https://github.com/openshift/origin/pull/8334 https://access.redhat.com/security/cve/CVE-2016-3711 https://bugzilla.redhat.com/show_bug.cgi?id=1322718 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •